tyler.durden
/
lynis
mirror of https://github.com/CISOfy/lynis.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
3,155 Commits 2 Branches 61 Tags 16 MiB
Commit Graph

98 Commits

Author SHA1 Message Date
Michael Boelen 01c970f73f
Merge pull request #1044 from delscate/master 
Fix wc and head cmd when using busybox
 2020-10-22 13:24:56 +02:00
Stéphane 67d04f2536
Add translate function for all sections 
+ add EN and FR up to date languages files
 2020-10-22 00:13:42 +02:00
Fabien Lehoussel 537624da15 Fix wc command with --lines argument to be used with busybox 2020-10-19 15:02:48 +02:00
Kepi 9d52395952 [FILE-6430] Don't grep nonexistant modprobe.d files 
We don't want to grep files in modprobe.d when dir is empty. Uses same approach
as in USB-1000.
 2020-07-02 18:22:03 +02:00
Michael Boelen 05ea9f873d
[FILE-6330] corrected description 2020-06-02 16:34:35 +02:00
Michael Boelen b285623ac2
Remove double space 2020-06-02 16:30:43 +02:00
Michael Boelen f232b4f9bb
Added quotes 2020-04-01 16:18:03 +02:00
Sander 4732b640ae Adding test FILE-6394 2020-03-28 19:23:00 +00:00
Topi Miettinen 339e0c3207
[FILE-6374]: Summarize unhardened file system 
Report total numbers of unhardened filesystems.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
 2020-03-25 09:18:16 +02:00
Michael Boelen 3c8e3b0adb
Merge pull request #862 from topimiettinen/blacklist-fs 
FS module tests: check if modules are blacklisted
 2020-03-24 13:34:05 +01:00
Michael Boelen f83025a283
Merge pull request #860 from topimiettinen/harden-mount-options 
Harden mount options for /var, check also /dev and /run
 2020-03-24 13:27:50 +01:00
Topi Miettinen 0da82a18cb
FS module tests: check if modules are blacklisted 
Check if FS modules are blacklisted.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
 2020-03-23 17:43:53 +02:00
Michael Boelen 38310223a6
Updated date/year 2020-03-20 14:50:25 +01:00
Topi Miettinen 72e8f572bf
Harden mount options for /var, check also /dev and /run 
There should not be any need for char/block devices in /var, so
propose nodev. Sockets are not affected.

Check also /dev for noexec,nosuid and /run for
nodev,nosuid. Historically there was /dev/MAKEDEV script but that's
long gone.

In case a file system is not found in /etc/fstab, check if they are
mounted otherwise (e.g. via systemd mount units).

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
 2020-03-19 16:39:02 +02:00
gfelkel d3287bd7ef
FILE-6310 for HP-UX 
HP-UX: /usr/sbin/mount reports "/home on /dev/…", so $1 has to be used
 2020-01-22 16:31:49 +01:00
Michael Boelen 35d248b74c
[FILE-6430] minor code improvements and show suggestion with more details 2019-12-18 19:20:48 +01:00
Michael Boelen 09f29a5e64
Code style improvement: quote argument 2019-12-18 12:17:46 +01:00
Michael Boelen f188bac7e8
Update description for FILE-6374 2019-10-08 15:10:02 +02:00
Michael Boelen ca0239b4d9
[FILE-6374] corrected defaults flag, added root directory, and changed logging 2019-09-12 16:34:45 +02:00
Michael Boelen fa8bad20db
Use -n instead of ! -z 2019-07-16 13:20:30 +02:00
Michael Boelen 61d8c91eeb
[FILE-6310] filter on correct field for AIX 2019-06-06 14:20:12 +02:00
Michael Boelen 256bc1da0f
Undoed submitted pull request as it breaks testing at least on Ubuntu system 2019-04-08 11:07:41 +02:00
Capashenn 137dc6f0cc fix FILE-6374 (#672) 2019-04-08 10:36:17 +02:00
Michael Boelen 2c83037cba
Minor cleanup 2019-04-02 07:58:10 +02:00
Capashenn 7b7086566d Add test FILE-6324 check XFS file systems (#699) 2019-04-02 07:46:04 +02:00
Michael Boelen 66066ae226
Changed year and preparing for new release 2019-01-31 14:47:35 +01:00
Michael Boelen d0f4a90c00
Grammar change 2018-09-06 07:55:58 +02:00
Katarina Durechova 993edc9738 [FILE-6363] Check for sticky bit on /var/tmp (#473) 2018-01-24 17:08:21 +01:00
Michael Boelen 66f8cb2441
Changed year 2018-01-11 09:50:26 +01:00
Michael Boelen dbec83566b
[FILE-6310] match mount points by exact name 2017-07-28 10:42:17 +02:00
Michael Boelen 4ecb9d4d05
[bulk change] cleaning up, code enhancements, initialization of variables, and new tests 2017-04-30 17:59:35 +02:00
hlein b595cc0fb5 Various cleanups (#363) 
* Typo fix.

* Style change: always use $(), never ``.

The Lynis code already mostly used $(), but backticks were sprinkled
around.  Converted all of them.

* Lots of minor spelling/typo fixes.

FWIW these were found with:

  find . -type f -print0 | xargs -0 cat | aspell list | sort -u | egrep '^[a-z]+$' | less

And then reviewing the list to pick out things that looked like
misspelled words as opposed to variables, etc., and then manual
inspection of context to determine the intention.
 2017-03-06 07:41:21 +00:00
Michael Boelen 295fe93ca6 [FILE-6372] Properly deal with comments in /etc/fstab 2017-03-01 16:11:17 +01:00
Michael Boelen 34ba1ba184 Changed date and preparing for release 2017-02-09 13:35:40 +01:00
Zach Crownover 659d3e42c5 Improve DragonFly support (#329) 
* Update facter location for BSDs

BSDs tend to place third party binaries in /usr/local rather than /usr

* Add support for DragonFly boot loader detection

DragonFly BSD has the same file paths for the bootloader as FreeBSD

* Add kernel module checking for DragonFly

DragonFly BSD checks kernel modules the same way as FreeBSD

* Add DragonFly check for login shells

DragonFly's login files are the same as FreeBSD's

* Add HAMMER PFS Detection

All PFS mounts in HAMMER systems for DragonFly will be detected now
 2016-11-19 12:39:57 +00:00
Michael Boelen 903016df36 Code cleanups and generic enhancements 2016-09-10 16:12:44 +02:00
Michael Boelen 82ededed31 Style improvements and command replacements 2016-09-08 21:04:17 +02:00
alobodzinski 01c687eb55 FILE-6336: Fixed flawed logic: work correctly even if there is no swap at all (#272) 2016-09-05 19:30:04 +02:00
Michael Boelen 0a0453e1bc [FILE-6344] Adjusted /proc test 2016-09-05 19:28:44 +02:00
Mark Ruys e6a829b6ed GlusterFS mounts are nodev and nosuid by default, and are invalid mount options. So ignore GlusterFS mount points. (#268) 2016-08-29 19:30:48 +02:00
Michael Boelen 679e8c628e Use detected binaries 2016-08-25 15:31:33 +02:00
Michael Boelen cc5142329b [FILE-6362] added details 2016-08-24 11:37:25 +02:00
Michael Boelen 5ab139931d [FILE-6362] optimized test, style, removed warning 2016-08-24 11:36:16 +02:00
cnrat 4368b59a1d Fix FILE-6344 bug (#263) 
The result of mount command returns like
/proc on /proc type proc (rw,hidepid=2)

Witch means the regular expression should be '^/proc' not '^proc' or you can grep nothing. :P
 2016-08-18 11:48:45 +02:00
Michael Boelen 0050c993f8 [FILE-6374] Improved logging 2016-08-17 11:54:57 +02:00
Michael Boelen f9b2993f35 Removed unneeded field 2016-08-10 07:24:10 +02:00
Michael Boelen 039a829457 Style and readability improvements 2016-07-31 17:35:35 +02:00
Michael Boelen 4faaa10a8c Initialize variables and cleanup 2016-07-30 16:41:11 +02:00
Michael Boelen c74c572422 [FILE-6332] Enable testing for UUID usage with blkid command 2016-07-30 14:10:29 +02:00
Michael Boelen 2f4c854ba7 Rename of categories, introduction of groups 2016-07-24 17:22:00 +02:00